github/tor-guard-relay
1
1
Fork 0
mirror of https://github.com/r3bo0tbx1/tor-guard-relay.git synced 2026-04-05 16:22:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
167 Commits 1 Branch 2 Tags
main
Commit Graph

167 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
renovate[bot]
6f9f025fe5 🏗️(build): update docker/dockerfile Docker tag to v1.23 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-04-01 22:00:30 +08:00
rE-Bo0t.bx1
602fd07241 🐛 fix(release): update condition for version determination in workflow 2026-03-09 19:02:33 +08:00
rE-Bo0t.bx1
15bf141f84 🏗️ build(deps): upgrade Docker actions to latest versions in release and validate workflows 2026-03-09 18:48:52 +08:00
rE-Bo0t.bx1
1f88765494 🏗️ build(deps): upgrade actions/checkout and actions/upload-artifact versions 2026-03-09 18:34:28 +08:00
rE-Bo0t.bx1
c004fe23b9 🐛 fix(release): improve tag fetching and version detection logic 2026-03-09 17:52:35 +08:00
dependabot[bot]
f7db6fa716 👷 ci(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.35.0 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.34.1 to 0.35.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.1...0.35.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-09 16:28:22 +08:00
rE-Bo0t.bx1
ca2ad6868c 📚 docs: enhance Family Key setup instructions in README 2026-03-09 06:09:26 +08:00
rE-Bo0t.bx1
5377cc6a7d 📚 fix(readme): add troubleshooting section for Family Key permissions in Docker 2026-03-08 20:41:54 +08:00
renovate[bot]
783126060d 🏗️ build(deps): bump docker/dockerfile from v1.21 to v1.22 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-03-04 10:42:07 +08:00
rE-Bo0t.bx1
06cfd0127d 👷 ci(deps): bump Trivy from v0.69.2 to v0.69.3 2026-03-04 10:34:35 +08:00
rE-Bo0t.bx1
6fab7ebcac 🐛 fix: update vendor label + Refs: be4f2bc125 
🐳 Dockerfiles: match username in Dockerfile and Dockerfile.edge
 2026-03-04 10:26:52 +08:00
rE-Bo0t.bx1
ee33d507f7 🐛 fix(ci): pin Trivy to v0.69.2 - v0.69.1 install script broken 2026-03-02 16:36:26 +08:00
rE-Bo0t.bx1
be4f2bc125 feat(v1.1.7): Happy Family support (Tor 0.4.9+ FamilyId) 
🔧 New tool: gen-family - generate/view Happy Family keys
  - Supports --force flag to overwrite existing keys without backup prompt

🐳 Dockerfiles: gen-family in both Dockerfile and Dockerfile.edge

🔧 Entrypoint:
- Phase 2: detect *.secret_family_key, log found keys (informational only)
- Guard/exit config gen: append FamilyId + MyFamily from ENV vars
- Bridge intentionally excluded

📊 Status tool: show family key count + Happy Family config state

📚 Docs:
- README: Happy Family section (generate / import), persistence table, flowchart
- ARCHITECTURE: all mermaid diagrams updated (Phase 2, config gen, tools, dirs)
- TOOLS: full gen-family reference with examples and exit codes
- DEPLOYMENT, MIGRATION, MIGRATION-V1.1.X, TROUBLESHOOTING: 5 -> 6 tools
- FAQ, example configs: version bump + FamilyId/MyFamily placeholders
- Directory authority voting: how 9 dirauths vote on relay flags (5/9 consensus)
- CIISS v2 ContactInfo: field reference, generator link, proof:uri-rsa verification
- All TOR_CONTACT_INFO examples updated to CIISS v2 format across templates and docs

📋 Templates:
- Guard/exit/multi-relay compose: TOR_FAMILY_ID + TOR_MY_FAMILY env vars
- All cosmos-compose + docker-compose versions -> 1.1.7

👷 CI: validate.yml gen-family in 8 spots (threshold 6), security tests, quick-test

🛡️ SECURITY.md: 1.1.7 active, 1.1.6 maintenance, gen-family in tools list

🔖 Version bump 1.1.6 -> 1.1.7 across 30+ files, tool count 5 -> 6, CHANGELOG entry

No breaking changes. TOR_FAMILY_ID and TOR_MY_FAMILY are optional.
 2026-03-02 16:23:10 +08:00
dependabot[bot]
e861ecb623 👷 ci(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.34.0 to 0.34.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-23 11:39:37 +08:00
dependabot[bot]
040a9e1156 👷 ci(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.1 to 0.34.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-16 11:55:14 +05:30
dependabot[bot]
be6bbf7977 🏗️ build(deps): bump golang from 1.26rc3-alpine to 1.26-alpine 
Bumps golang from 1.26rc3-alpine to 1.26-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.26-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-11 09:19:00 +05:30
rE-Bo0t.bx1
d333e12e88 🐛 fix: swap color codes in get_country_colors 2026-02-10 19:55:17 +05:30
rE-Bo0t.bx1
67767fd9c5 feat: enhance check-dirauth 2026-02-10 19:37:56 +05:30
rE-Bo0t.bx1
ef7b9fb99f feat: add check-dirauth script 2026-02-09 23:29:36 +05:30
rE-Bo0t.bx1
90b65ee469 🔖 release(v1.1.6): bind mount fix, full repo audit, workflow fixes 
🔧 Entrypoint:
- Detect wrong ownership on /var/lib/tor and /var/lib/tor/keys at startup
  with actionable chown commands before Tor fails cryptically in Phase 4
- Accept DEBUG=TRUE, DEBUG=1, DEBUG=yes (case-insensitive)
- Fix signal trap bug: inner cleanup_verify_tmp no longer overwrites
  the global TERM/INT handler (could skip graceful shutdown)

🛡️ Security:
- Deprecate all versions < v1.1.5 (CVE-2025-15467, OpenSSL CVSS 9.8)
- Add deprecation notice to README and SECURITY.md
- Update lifecycle tables in CHANGELOG and SECURITY

🐛 Bug Fixes:
- Fix bootstrap detection in migrate-from-official.sh
  (parsed non-existent "bootstrap_percent" field — now "bootstrap")
- Fix health JSON docs across 4 files: uptime_seconds → uptime,
  add missing pid/errors fields, correct reachable type to string
- Fix validate.yml: bash -n → sh -n (POSIX script, not bash)

📚 Documentation:
- Add "Bind Mount Ownership" troubleshooting section to README
- Fix chown 1000:1000 typo → 100:101 in TROUBLESHOOTING-BRIDGE-MIGRATION.md
- Add [1.1.6] changelog entry
- Update version references across 20+ files to v1.1.6
- Update 47x alpine:3.22.2 → 3.23.3 across migration docs/scripts
- Fix tool count 4 → 5 in DEPLOYMENT, ARCHITECTURE, TROUBLESHOOTING
- Remove 5 broken links (CLAUDE.md, CONTRIBUTORS.md, SECURITY-AUDIT-REPORT.md)
- Fix stale image tags (:1.1.1/:1.1.2 → :latest) in 4 files
- Rewrite PR template as clean reusable form

⚙️ Workflow (release.yml):
- Fix duplicate title in release body (name + body both had ## 🧅 header)
- Fix trailing --- not being stripped from changelog extract
- Fix Full Changelog link comparing current tag to itself
- Extract Alpine version from Dockerfile instead of hardcoding
- Add fetch-depth: 0 for git history in release-notes job
- Fix fallback commit range when no conventional commits found

🐳 Dockerfiles:
- Fix stale base.name label (alpine:3.23.0 → alpine:3.23.3)
- Fix trailing whitespace after backslash in Dockerfile.edge

📋 Templates:
- Update cosmos-compose and docker-compose versions to 1.1.6
v1.1.6 		2026-02-08 16:04:22 +05:30
rE-Bo0t.bx1
3a4372f9c9 👷 feat(ci): add assignee and improve workflow name 2026-02-05 17:42:11 +05:30
rE-Bo0t.bx1
42c88fe121 👷 fix(ci): add workflow permissions (#21) 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
 2026-02-05 17:37:35 +05:30
dependabot[bot]
17ca6cf5df 🏗️ build(deps): bump golang from 1.25.6-alpine to 1.26rc3-alpine 
Bumps golang from 1.25.6-alpine to 1.26rc3-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.26rc3-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: rE-Bo0t.bx1 <54429050+r3bo0tbx1@users.noreply.github.com>
 2026-02-05 17:24:40 +05:30
rE-Bo0t.bx1
0b20741978 👷 feat(ci): auto-assign reviewer to Dependabot PRs 2026-02-05 17:15:48 +05:30
rE-Bo0t.bx1
899ed60af0 📄 chore: restore LICENSE file with MIT License text 2026-02-05 17:04:01 +05:30
rE-Bo0t.bx1
644c81f927 📄 chore: add SPDX-License-Identifier to LICENSE file 2026-02-04 23:04:32 +05:30
rE-Bo0t.bx1
a9a37662d2 📄 chore: restore LICENSE file with MIT License text 2026-02-04 23:01:56 +05:30
rE-Bo0t.bx1
c5f0d3bbc6 📄 chore: restore LICENSE file with MIT License text 2026-02-04 22:54:56 +05:30
rE-Bo0t.bx1
552c3148e8 feat(v1.1.5): security patch CVE-2025-15467 and build updates 2026-01-31 21:24:33 +05:30
renovate[bot]
a76a501bb9 🏗️ (build): update docker/dockerfile Docker tag to v1.21 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-31 20:56:22 +05:30
dependabot[bot]
b7fbc05599 🏗️ build(deps): bump alpine from 3.23.2 to 3.23.3 
Bumps alpine from 3.23.2 to 3.23.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-31 20:31:27 +05:30
renovate[bot]
8b3de1ca66 🏗️ build(deps): Update golang Docker tag to v1.25.6 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-18 05:02:08 +08:00
rE-Bo0t.bx1
6b1361923e 🐛 fix(docker): correct spacing in 'go get' command for interceptor dependency in Dockerfile and Dockerfile.edge 2026-01-12 19:53:33 +08:00
rE-Bo0t.bx1
2836264996 🐛 fix(docker): correct line continuation in git clone command in Dockerfile and Dockerfile.edge 2026-01-12 19:48:19 +08:00
rE-Bo0t.bx1
c735b350c0 🐛 fix(docker): update dependency management in Dockerfile and Dockerfile.edge to use specific versions for improved stability 2026-01-12 19:43:58 +08:00
rE-Bo0t.bx1
2e14d0bdc5 🐛 fix(docker): update dependency management in Dockerfile and Dockerfile.edge to use 'go get -u' after module replacement 2026-01-12 19:40:05 +08:00
rE-Bo0t.bx1
19da41b87b 🐛 fix(docker): update dependency management in Dockerfile and Dockerfile.edge 2026-01-12 19:24:52 +08:00
rE-Bo0t.bx1
879084c11e 🐛 fix(docker): replace 'go get -u' and 'go mod tidy' with 'go mod download' for improved dependency management 2026-01-12 19:11:49 +08:00
rE-Bo0t.bx1
5120d0d0e9 feat(v1.1.4): modernize templates, security, and build variants 
This update refines the Tor relay configuration and build process:
- Security: Disables DirPort and adopts ciissversion:2 for ContactInfo.
- Performance: Adds IPv6 support and hardware acceleration options.
- Builds: Establishes Stable vs. Edge variants for better testing cycles.
- Tooling: Integrates nyx.config and cleans up legacy tags.
- Sync: Aligns cosmos-compose and docker-compose templates.
- Update retention policy: Keep last 7 versions

No breaking changes introduced.
 2025-12-21 03:14:39 +08:00
dependabot[bot]
ce8cd42875 🏗️ build(deps): bump alpine from 3.23.0 to 3.23.2 
Bumps alpine from 3.23.0 to 3.23.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-21 01:50:37 +08:00
rE-Bo0t.bx1
803658b8ce 🐛 fix(tor-exit-notice): bold user nickname in footer for better visibility 2025-12-15 20:28:34 +08:00
rE-Bo0t.bx1
70d2a54d64 Add Tor Exit Node notice template with detailed information and styling 2025-12-15 18:46:11 +08:00
rE-Bo0t.bx1
42bd499f33 🐛 fix(cleanup): simplify workflow name for clarity 2025-12-07 22:29:25 +08:00
rE-Bo0t.bx1
dd598ca1f9 ♻️ refactor(ops): optimize workflows, docker setup and relay configs 
Refactors the repository configuration to streamline CI/CD processes and tune Tor relay settings.

**CI & Build:**
- 👷 Enhance `cleanup.yml` with clearer cache deletion and logging.
- 🐳 Update `.dockerignore` to streamline CI builds.
- 🔧 Simplify `.gitattributes` and prune `.hadolint.yaml` comments.

**Tor Configuration:**
- 🛡️ Tune `relay-guard.conf` for performance and remove noise.
- 🌉 Update `relay-bridge.conf` ORPort/ServerTransport settings.
-  Refine `relay-exit.conf` exit policies and bandwidth limits.

**Misc & Cleanup:**
- 💄 Improve startup banner aesthetics in `docker-entrypoint.sh`.
- 📝 Add JS execution warnings to `tor-exit-notice` HTML template.
- 🔥 Remove obsolete `examples/.env` file.
 2025-12-07 22:20:45 +08:00
rE-Bo0t.bx1
bfad827af4 📝 docs: add Tor resources and reorganize deployment files 
- 🧅 Add Tor Exit Router notice template for abuse handling
- ☁️ Add recommended hosting providers documentation
- ⚖️ Update LEGAL.md with the latest laws and policy changes
- 🚚 Move Docker and Cosmos compose files to their dedicated directories
 2025-12-06 19:26:42 +08:00
rE-Bo0t.bx1
b6001c3f7a 🐛 fix(entrypoint): use POSIX-compliant signal names 
- Updates the trap command to use 'TERM/INT' instead of 'SIGTERM/SIGINT'. The 'SIG' prefix is undefined in POSIX sh (ShellCheck SC3048), which could prevent graceful shutdown in environments using dash/ash.
 2025-12-05 22:56:48 +08:00
rE-Bo0t.bx1
a26758351c 🩹 fix(templates): remove auto-update labels to improve relay stability 2025-12-05 22:35:48 +08:00
rE-Bo0t.bx1
3b89bc6319 👷 fix(ci): add newline at end of cleanup.yml for consistency 2025-12-05 21:03:38 +08:00
rE-Bo0t.bx1
911a44eef4 👷 feat(ci): add scheduled cache cleanup workflow 2025-12-05 20:48:52 +08:00
rE-Bo0t.bx1
49c9f69918 🛠️ chore: update scripts and documentation for v1.1.3 release 2025-12-05 20:24:55 +08:00